Doctor, doctor, I think I’ve been the victim of identity theft

I’ve been reading about the epidemic of medical identity theft in the U.S., where it’s worth stealing someone’s identity in order to obtain medical treatment and then have it billed to the victim. But you might be interested to know what there’s an epidemic of medical theft going on in the UK as well. It’s just that here it’s doctors identities that are being stolen, not patients.

A banned doctor who stole another doctor’s identity and treated 3,000 patients has been jailed. Levon Mkhitarian, 36, of Renaissance Walk, London, pleaded guilty to fraud after he was caught impersonating a doctor while working in Ashford, Kent.
Mkhitarian, who was originally from Georgia, had been banned by the General Medical Council, but began forging documents to gain employment.

[From Banned doctor Levon Mkhitarian jailed after treating 3,000 patients – BBC News]

It’s one thing to open a bank account using a photocopy of a gas bill, but I would have assumed that hospitals employed more rigorous identification and authentication processes than banks do. So what barriers did Mr. Mkihtarian have to navigate to perpetrate his fraud? What high-tech methods did he have to circumvent to dupe the NHS? I expect he had to use a scanning electronic microscope to obtain the private key from a smart card and then crawl through a corridor criss-crossed with laser beams and then blow open a safe or… something… oh, wait…

He made up a CV, bank statements and energy bills, medical degree and training certificates.

[From Banned doctor Levon Mkhitarian jailed after treating 3,000 patients – BBC News]

So let’s get this straight then. The hospital was unable to detect the made-up CV, unable to detect the forged bank statement, unable to detect the fake utility bills, unable to determine that the medical degree was bogus and unable to validate the training certificates. In other words, to summarise, everything is broken.

Why didn’t they just use LinkedIn? If I worked at a hospital and somebody was applying for a job as a doctor with me, then the first thing I would do would be to look them up on LinkedIn. (Or maybe there’s some start-up I don’t know about that is already setting about creating LinkedIn for medical personnel in which case I’d use that instead.) But let’s just say LinkedIn for the time being. If the person applying for the job doesn’t exist on LinkedIn then I would naturally just throw the CV in the bin. I had experience of this recently in a corporate context when I was contacted by someone in the US in relation to some client business. I’d never heard of this person before and I didn’t want to waste time putting together some detailed responses to their questions (our responses having some commercial value in my judgement) so I asked them for their LinkedIn profile and was told, by the person in question, that they don’t have a LinkedIn profile because they prefer to remain private (as memory serves, I think he may have said “under the radar”). I paid no further attention.

If the person does exist on LinkedIn, then there is a resolvable chain that means that I can establish whether the credentials are real or not and in the future reputation economy I’m sure there will be a simple button I can click to do it for me and display the name in green if everything checks out, red if doesn’t.  Still, at least Mr. Mkihtarian was doctor, even if he’d been struck off. What’s much more worrying is that in the NHS you don’t actually need to be a doctor at all in order to practice medicine.

A woman has been charged with fraud after allegedly pretending to be a doctor at GP practices across the country… The 29-year-old, from Maidstone, in Kent, allegedly had no medical qualifications but was thought to have used a name and registration number with the General Medical Council belonging to a real doctor.

[From ‘Fake locum GP’ who worked in practices across Britain charged with fraud | Daily Mail Online]

Actually, I suppose most of the time that I go to the doctor I don’t really care if he or she is real or not, I just want them to give me some antibiotics or whatever. So I won’t get paranoid about this. My own personal paranoia about medical identity theft, and it’s not just because I’m English, is centred not on fake doctors but on fake dentists.

Ghulam Kibria’s sham surgery aroused suspicions after the 34-year-old started advertised on popular discount site Groupon… But Manchester Magistrates Court heard he had no dentist qualifications, used a false name and was fraudulently using the registration number of a genuine dentist.

[From Exposed: the fake dentist who ran bogus Manchester city centre practice – Manchester Evening News]

I’m staying calm. Deep breath. I guess that might be a one-off, so I’m not going to get too worked up unless… no, wait… Aaaarrrrrrghh!!

A bogus dentist with no qualifications managed to fool her employers at NHS hospitals for nine years before being discovered. Vinisha Sharma used a fake degree certificate to register with the General Dental Council (GDC) and was employed by seven different hospitals where she operated on patients under supervision.

[From Bogus NHS dentist earned £230,000 over nine years after bosses failed to spot fake qualifications | Daily Mail Online]

What? So the General Dental Council don’t even check if dentists actually really do have a degree!!! You know, there are some kinds of fraud that are more important than credit card fraud, and they are all growing. I think that in a few years from now, when ownership theft on the thingternet makes identity theft from large retailers look like a picnic in comparison, we’re going to look back with nostalgia on a time when fraud gangs only stole the banks’ money and not your house or X-rays or teeth.

Identity thieves

[Dave Birch] I’ve been thinking about identity theft because of a meeting I’m going to later on today and I was mulling over the different kinds of identity theft. It seems as if most of the identity theft we here about is really just “simple” credit card fraud, but of course there are other bigger and potentially more serious kinds of identity theft. But, once again, I must ask to what extent those crimes are the super new 21st century crime of identity theft and to what extent they are old-fashioned deception. Here is a case in point. I”m pretty sure I saw this on The Real Hustle on the BBC a few weeks ago, so I wonder if this is where the perps picked up the idea?

A brazen swindle in Wheaton last week in which a man walked into a BB&T bank dressed as an armored truck courier and walked out with $574,500 in cash has been linked to a similar bank job the next day in Washington, authorities in Montgomery County said yesterday. Assistant State’s Attorney Marybeth Ayres named Elizabeth K. Tarke, a teller at the BB&T branch, as a possible ringleader.

[From Teller Called Possible Ringleader in Two Bank Thefts – washingtonpost.com]

If you were going to pretend to be somebody else for half an hour, who would it be? Me, or a cash collector? The story says that an employee checked the bogus courier’s ID card. But how? I really doubt that the bank employee took off the courier’s ID card and put the ID card into a machine and had the courier put his eyes up to an iris scanner to match his iris to the card and then went online to have the card credentials verified by the courier company and bank servers. I’m sure the story means that the employee glanced at the ID card and it seemed about right.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.